RE: Blocking Access to Non-domain computers
From: Steven A. Fletcher (sfletcher_at_integrityts.com)
Date: 08/25/04
- Previous message: Steven A. Fletcher: "RE: unable to join domain from dmz"
- Maybe in reply to: Brian Gehrke: "Blocking Access to Non-domain computers"
- Next in thread: Raoul Armfield: "RE: Blocking Access to Non-domain computers"
- Reply: Raoul Armfield: "RE: Blocking Access to Non-domain computers"
- Reply: Dan and Liz Boyson: "RE: Blocking Access to Non-domain computers"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Tue, 24 Aug 2004 23:53:56 -0500 To: "Andreas" <andreas@inferno.nadir.org>, <security-basics@securityfocus.com>
That is the only option I can think of. If you think about it, how
could you keep non-domain computers from getting an IP address? As far
as I know, there is no provision in DHCP for such control. For the
system to determine whether or not to give the machine an address, the
machine would need to be able to communicate with the domain
controllers, which would require an IP address for the communication to
be able to happen.
Steve Fletcher
Senior Network Engineer, MCSE (NT4/Win2k), HP Master ASE, CCNA,
Security+
Integrity Technology Solutions
Phone: (309)664-8129
Toll Free: (888) 764-8100 ext. 129
Fax: (309) 662-6421
sfletcher@integrityts.com
-----Original Message-----
From: Andreas [mailto:andreas@inferno.nadir.org]
Sent: Monday, August 23, 2004 2:16 PM
To: security-basics@securityfocus.com
Subject: Re: Blocking Access to Non-domain computers
Hello,
On Thursday 19 August 2004 16:58, Brian Gehrke wrote:
> I am running a W2K domain, using DHCP. Is it possible to block
> non-domain computers from getting an IP address from the DHCP server,
so
> they will not be able to access the Internet through the network.
is dhcp by mac address (which of course can easily be spoofed)
an option?
regards,
andreas
------------------------------------------------------------------------
--- Computer Forensics Training at the InfoSec Institute. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors. Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse so that it never happens again. http://www.infosecinstitute.com/courses/computer_forensics_training.html ------------------------------------------------------------------------ ---- --------------------------------------------------------------------------- Computer Forensics Training at the InfoSec Institute. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors. Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse so that it never happens again. http://www.infosecinstitute.com/courses/computer_forensics_training.html ----------------------------------------------------------------------------
- Previous message: Steven A. Fletcher: "RE: unable to join domain from dmz"
- Maybe in reply to: Brian Gehrke: "Blocking Access to Non-domain computers"
- Next in thread: Raoul Armfield: "RE: Blocking Access to Non-domain computers"
- Reply: Raoul Armfield: "RE: Blocking Access to Non-domain computers"
- Reply: Dan and Liz Boyson: "RE: Blocking Access to Non-domain computers"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
